Feds Charge Four in New Darkode Case

Federal prosecutors have indicted four people, including one U.S. citizen, on racketeering and other charges for their role in developing and distributing malware through Darkode, a notorious online forum for hackers that international law enforcement closed four years ago.

The indictment was filed under seal on December 4, 2018, and unsealed on Wednesday this week. One person in the case, Thomas McCormick, 26, of Washington State, who also went by the name "fubar," has already been arrested by the FBI and remains in custody, according to the charging document in the case.

The three other indicted suspects in the case, Matjaz Skorjanc, 32, of Slovenia; Florencio Carro Ruiz, 40, of Spain; and Mentor Leniqi, 35, of Slovenia remain at large, according to court documents.

In addition to the new charges announced this week, prosecutors believe that Skorjanc, who also went by the names "iserdo" and "serdo," helped organize the original Darkode. Skorjanc is also suspected of selling malware known as the ButterFly bot, which was used to build the Mariposa botnet, which Spanish police dismantled in 2009.

Darkode Goes Dark

In July 2015, the FBI, along with Europol and its European Cyber Crime Center, shuttered Darkode, a notorious dark net site that specialized in the buying and selling of malware, zero-day exploits and access to compromised servers (see: Police Shutter Darkode Cybercrime Forum).

In addition to the buying and selling of malware and other hacking tools, Darkode functioned as a collective with 250 to 300 active members. Those members aimed to recruit new members who could enrich the forum with new skills or software that would allow the group to infect an ever-expanding number of PCs with malware, and then use them for criminal purposes, according to law enforcement.

"Darkode members allegedly used each other's skills and products to infect computers and electronic devices of victims around the world with malware and, thereby gain access to, and control over, those devices," according to the new court papers filed this week.

At the time of the police operation that brought Darkode down in 2015, law enforcement either searched, charged or arrested 70 different people worldwide as part of that case.

Although federal prosecutors believe that the four suspects indicted this week belonged to the Darkode collective, it's not clear why the charges against them were filed nearly four years after the site shut down. A spokesperson for the U.S. Attorney's Office did not return a call seeking additional comment.

If convicted of racketeering conspiracy, the suspects in this case could face a maximum of 20 years in federal prison. The maximum sentence for wire fraud and bank fraud is 30 years in federal prison, according to the U.S. Attorney's Office.

In addition to the other charges, McCormick was indicted on five counts of aggravated identity theft, according to the charging papers unsealed this week.

A Revived Darkode

While law enforcement closed the original Darkode site in 2015, there have been several attempts to revive the collective under new leadership over the past four years (see:
Darkode Reboot: All Bark, No Bite?).

In April of this year, Forbes published a story that the forum is now back, including a new Twitter account, and is collecting new exploits to sell and share.

One the hackers involved in the new Darkode site told Forbes that Skorjanc has handed the leadership of the collective to another person to act as administrator. There about 1,000 people active on the site in any given week, according to the story.

About the Author

Ferguson is the managing editor for the news desk at Information Security Media Group. He's been covering the IT industry for more than 13 years. Before joining ISMG, Ferguson was editor-in-chief at eWEEK and director of audience development for InformationWeek. He's also written and edited for Light Reading, Security Now, Enterprise Cloud News, TU-Automotive, Dice Insights and DevOps.com.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;

Enter your email address to reset your password

Already have anISMG account?

Forgot Your Password Message:

Contact Us

Already have anISMG account?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.